def post_sync(self):
# Encodes & stores the password (entered by the user)
self.model.password = to_md5(self.new_password.value)
# Expires the token since it should only be used once
self.password_token.expire()
class zoe:
# id = 7
first_name = "Zoe"
last_name = "Jones"
pseudonym = "Zoe"
email = "*****@*****.**"
password = to_md5("secret7")
level = 0
class rolland:
# id = 6
first_name = "Rolland"
last_name = "Q"
pseudonym = "Rolex"
email = "*****@*****.**"
password = to_md5("secret6")
level = 2
class nico:
# id = 5
first_name = "Nicolas"
last_name = "C"
pseudonym = "Nico"
email = "*****@*****.**"
password = to_md5("secret5")
level = 2
class jo:
# id = 4
first_name = "Jonathan"
last_name = "L"
pseudonym = "Jo"
email = "*****@*****.**"
password = to_md5("secret4")
level = 2
class fx:
# id = 3
first_name = "Francois-Xavier"
last_name = "C"
pseudonym = "FX"
email = "*****@*****.**"
password = to_md5("secret3")
level = 2
class franck_p:
# id = 2
first_name = "Franck"
last_name = "P"
pseudonym = "Franck P"
email = "*****@*****.**"
password = to_md5("secret2")
level = 3
class franck_l:
# id = 1
first_name = "Franck"
last_name = "L"
pseudonym = "Franck L"
email = "*****@*****.**"
password = to_md5("secret1")
level = 2
def test_reset_password_POST(self):
NEW_PASSWORD = "******"
updated_user = User(
first_name=UserData.jo.first_name,
last_name=UserData.jo.last_name,
pseudonym=UserData.jo.pseudonym,
email=UserData.jo.email,
password=to_md5(NEW_PASSWORD),
level=UserData.jo.level
)
db_user = config.orm.query(User).filter(User.first_name == "Jonathan").one() #@UndefinedVariable
updated_user_data = {
"token" : PasswordTokenData.password_token_active.token,
"User-4-new_password" : NEW_PASSWORD,
"User-4-new_password_confirm" : NEW_PASSWORD
}
# Makes sure that the update fails with invalid data (1)
invalid_user_data = copy.deepcopy(updated_user_data)
invalid_user_data["User-4-new_password"] = ""
response = app.request("/reset/password", method="POST", data=invalid_user_data) #@UndefinedVariable
self.assertEqual(response.status, HTTP_OK)
self.assertIn("Please enter a value", response.data)
self.assertIn("Passwords do not match", response.data)
self.assertEqual(db_user, UserData.jo)
self.assertNotEqual(db_user, updated_user)
# Makes sure that the update fails with invalid data (2)
invalid_user_data = copy.deepcopy(updated_user_data)
invalid_user_data["User-4-new_password"] = "******"
response = app.request("/reset/password", method="POST", data=invalid_user_data) #@UndefinedVariable
self.assertEqual(response.status, HTTP_OK)
self.assertIn("Value must be at least 4 characters long", response.data)
self.assertIn("Passwords do not match", response.data)
self.assertEqual(db_user, UserData.jo)
self.assertNotEqual(db_user, updated_user)
# Makes sure that the update fails with invalid data (3)
invalid_user_data = copy.deepcopy(updated_user_data)
invalid_user_data["User-4-new_password"] = NEW_PASSWORD + "a"
response = app.request("/reset/password", method="POST", data=invalid_user_data) #@UndefinedVariable
self.assertEqual(response.status, HTTP_OK)
self.assertNotIn("Value must be at least 4 characters long", response.data)
self.assertIn("Passwords do not match", response.data)
self.assertEqual(db_user, UserData.jo)
self.assertNotEqual(db_user, updated_user)
# Makes sure that the update works with valid data
response = app.request("/reset/password", method="POST", data=updated_user_data) #@UndefinedVariable
self.assertEqual(response.status, HTTP_SEE_OTHER)
self.assertEqual(db_user, updated_user)
self.assertNotEqual(db_user, UserData.jo)
def test_create_account_POST(self):
try:
old_user_emails = [user.email for user in User.all()]
self.assertEqual(len(old_user_emails), 7)
NEW_PASSWORD = "******"
expected_new_user = User(
first_name="Dorian",
last_name="Gray",
pseudonym="Dorian G",
email=UserTokenData.user_token_active.email,
password=to_md5(NEW_PASSWORD),
level=UserTokenData.user_token_active.level
)
new_user_data = {
"token" : UserTokenData.user_token_active.token,
"User--pseudonym" : expected_new_user.pseudonym,
"User--first_name" : expected_new_user.first_name,
"User--last_name" : expected_new_user.last_name,
"User--new_email" : expected_new_user.email,
"User--new_password" : NEW_PASSWORD,
"User--new_password_confirm" : NEW_PASSWORD
}
# Makes sure that the insert fails with invalid data
alterable_keys = [key for key in new_user_data.keys() if key != "token"]
for key in alterable_keys:
# Alters the submitted data
invalid_user_data = copy.deepcopy(new_user_data)
invalid_user_data[key] = ""
# Makes sure the server rejects the insert
response = app.request("/create/account", method="POST", data=invalid_user_data) #@UndefinedVariable
self.assertEqual(response.status, HTTP_OK)
self.assertIn("Please enter a value", response.data)
self.assertEqual(len(User.all()), len(old_user_emails))
self.assertRaises(NoResultFound, config.orm.query(User).filter(~User.email.in_(old_user_emails)).one) #@UndefinedVariable
# Makes sure that the insert works with valid data
response = app.request("/create/account", method="POST", data=new_user_data) #@UndefinedVariable
self.assertEqual(response.status, HTTP_SEE_OTHER)
self.assertEqual(len(User.all()), 1 + len(old_user_emails))
new_user = config.orm.query(User).filter(~User.email.in_(old_user_emails)).one() #@UndefinedVariable
self.assertEquals(new_user, expected_new_user)
finally:
#TODO: should be done by the fixture
new_user = config.orm.query(User).filter(~User.email.in_(old_user_emails)).one() #@UndefinedVariable
config.orm.delete(new_user)
config.orm.commit()
def post_sync(self):
# Encodes & stores the password (entered by the user)
self.model.password = to_md5(self.new_password.value)
# Stores the level (enclosed in the token, not visible by the user)
self.model.level = self.user_token.level
# Stores the email (enclosed in the token as well, but potentially overriden by the user)
self.model.email = self.new_email.value
# Appends the user to the session
config.orm.add(self.model)
# Expires the token since it should only be used once
self.user_token.expire()
def test_update_password(self):
NEW_PASSWORD = "******"
updated_user = User(
first_name=UserData.franck_l.first_name,
last_name=UserData.franck_l.last_name,
pseudonym=UserData.franck_l.pseudonym,
email=UserData.franck_l.email,
password=to_md5(NEW_PASSWORD),
level=UserData.franck_l.level
)
updated_user_data = {
"User-1-old_password" : "secret1",
"User-1-new_password" : NEW_PASSWORD,
"User-1-new_password_confirm" : NEW_PASSWORD
}
self.login()
# Makes sure that the update fails with invalid data (1)
invalid_user_data = copy.deepcopy(updated_user_data)
invalid_user_data["User-1-old_password"] = ""
response = app.request("/update/password", method="POST", data=invalid_user_data) #@UndefinedVariable
self.assertEqual(response.status, HTTP_OK)
self.assertIn("Please enter a value", response.data)
self.assertNotIn("Passwords do not match", response.data)
self.assertEqual(config.session_manager.user, UserData.franck_l)
self.assertNotEqual(config.session_manager.user, updated_user)
# Makes sure that the update fails with invalid data (2)
invalid_user_data = copy.deepcopy(updated_user_data)
invalid_user_data["User-1-old_password"] = "******"
response = app.request("/update/password", method="POST", data=invalid_user_data) #@UndefinedVariable
self.assertEqual(response.status, HTTP_OK)
self.assertIn("Invalid value", response.data)
self.assertNotIn("Passwords do not match", response.data)
self.assertEqual(config.session_manager.user, UserData.franck_l)
self.assertNotEqual(config.session_manager.user, updated_user)
# Makes sure that the update fails with invalid data (3)
invalid_user_data = copy.deepcopy(updated_user_data)
invalid_user_data["User-1-new_password"] = ""
response = app.request("/update/password", method="POST", data=invalid_user_data) #@UndefinedVariable
self.assertEqual(response.status, HTTP_OK)
self.assertIn("Please enter a value", response.data)
self.assertIn("Passwords do not match", response.data)
self.assertEqual(config.session_manager.user, UserData.franck_l)
self.assertNotEqual(config.session_manager.user, updated_user)
# Makes sure that the update fails with invalid data (4)
invalid_user_data = copy.deepcopy(updated_user_data)
invalid_user_data["User-1-new_password"] = "******"
response = app.request("/update/password", method="POST", data=invalid_user_data) #@UndefinedVariable
self.assertEqual(response.status, HTTP_OK)
self.assertIn("Value must be at least 4 characters long", response.data)
self.assertIn("Passwords do not match", response.data)
self.assertEqual(config.session_manager.user, UserData.franck_l)
self.assertNotEqual(config.session_manager.user, updated_user)
# Makes sure that the update fails with invalid data (5)
invalid_user_data = copy.deepcopy(updated_user_data)
invalid_user_data["User-1-new_password"] = NEW_PASSWORD + "a"
response = app.request("/update/password", method="POST", data=invalid_user_data) #@UndefinedVariable
self.assertEqual(response.status, HTTP_OK)
self.assertNotIn("Value must be at least 4 characters long", response.data)
self.assertIn("Passwords do not match", response.data)
self.assertEqual(config.session_manager.user, UserData.franck_l)
self.assertNotEqual(config.session_manager.user, updated_user)
# Makes sure that the update works with valid data
response = app.request("/update/password", method="POST", data=updated_user_data) #@UndefinedVariable
self.assertEqual(response.status, HTTP_SEE_OTHER)
self.assertEqual(config.session_manager.user, updated_user)
self.assertNotEqual(config.session_manager.user, UserData.franck_l)
def old_password_validator(value, field):
if field.parent.model.password != to_md5(value):
raise validators.ValidationError("Invalid value")
def post_sync(self):
# Encodes & stores the password (entered by the user)
self.model.password = to_md5(self.new_password.value)